Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hovawart-berlin.de
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 Mar 2015 19:04:20 GMT
Accept-Ranges: bytes
ETag: "4223-150-49d954ee28a80"
Server: Apache/2.2.29 (Unix)
Content-Length: 336
Content-Type: text/html
Last-Modified: Thu, 03 Mar 2011 15:01:46 GMT
...336 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: hovawart-berlin.de
Referer: http://www.google.com/search?q=hovawart-berlin.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://fuckedhot.com/ | 200 OK Content-Length: 59336 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: zwei.in <div id="header"><!-- main navigation --> <div id="mainNavWrapper"> <!-- search --> <ul id="nav2"> <li class="first active"><a href="/" title="Hosted Videos" class="round1100r8 pngfix">Hosted Videos</a></li> <li class=""><a href="/hot-plugs/" title="Hot Plugs" class="round1100r8 pngfix">Hot Plugs</a></li> <li class=" ...[4550 bytes skipped]... | ||
http://adspaces.ero-advertising.com/adspace/244839.js | 200 OK Content-Length: 4363 Content-Type: application/javascript | clean |
http://fuckedhot.com/hot-plugs/ | 200 OK Content-Length: 57282 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: zwei.in <div id="header"><!-- main navigation --> <div id="mainNavWrapper"> <!-- search --> <ul id="nav2"> <li class=""><a href="/" title="Hosted Videos" class="round1100r8 pngfix">Hosted Videos</a></li> <li class="first active"><a href="/hot-plugs/" title="Hot Plugs" class="round1100r8 pngfix">Hot Plugs</a></li> <li class=" ...[4494 bytes skipped]... | ||
http://fuckedhot.com/rss-feeds/ | 200 OK Content-Length: 43624 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: zwei.in <div id="header"><!-- main navigation --> <div id="mainNavWrapper"> <!-- search --> <ul id="nav2"> <li class=""><a href="/" title="Hosted Videos" class="round1100r8 pngfix">Hosted Videos</a></li> <li class=""><a href="/hot-plugs/" title="Hot Plugs" class="round1100r8 pngfix">Hot Plugs</a></li> <li class="first active ...[4651 bytes skipped]... | ||
http://fuckedhot.com/advertise.php | 200 OK Content-Length: 1836 Content-Type: text/html | clean |
http://fuckedhot.com/test404page.js | 404 Not Found Content-Length: 36382 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.bitchcrawler.com <div id="header"><!-- main navigation --> <div id="mainNavWrapper"> <!-- search --> <ul id="nav2"> <li class=""><a href="/" title="Hosted Videos" class="round1100r8 pngfix">Hosted Videos</a></li> <li class=""><a href="/hot-plugs/" title="Hot Plugs" class="round1100r8 pngfix">Hot Plugs</a></li> <li class=""><a href="/r ...[4582 bytes skipped]... | ||
http://ads.crakmedia.com/www/delivery/fl.js | 200 OK Content-Length: 6707 Content-Type: application/javascript | clean |
http://fuckedhot.com/exposed-webcams/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 16 Sep 2014 09:41:30 GMT Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://safelinktracker.com/go/wHl_bwE3w/DEFAULT Server: - Web acceleration by http://www.unixy.net/varnish Content-Length: 0 Content-Type: text/html X-Cache: MISS X-Cacheable: YES X-Powered-By: PHP/5.3.28 X-Varnish: 1202292663 | clean |
http://safelinktracker.com/go/whl_bwe3w/default | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache Connection: close Date: Tue, 16 Sep 2014 09:41:31 GMT Location: http://safelinktracker.com/go/whl_bwe3w/default/ Server: nginx Content-Type: text/html; charset=UTF-8 Set-Cookie: SERVERID=cm-web-lp9; path=/ X-Powered-By: PHP/5.4.30 | clean |
http://safelinktracker.com/go/whl_bwe3w/default/ | HTTP/1.1 302 Found Cache-Control: must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private Connection: close Date: Tue, 16 Sep 2014 09:41:31 GMT Location: /back?token=L_bqvyk&tracker=default Server: nginx Content-Type: text/html; charset=UTF-8 Set-Cookie: SERVERID=cm-web-lp13; path=/ X-Powered-By: PHP/5.4.31 | clean |
http://safelinktracker.com/back?token=l_bqvyk&tracker=default | HTTP/1.1 302 Found Cache-Control: no-cache Connection: close Date: Tue, 16 Sep 2014 09:41:34 GMT Location: http://asiafind.com/go/p301686.sub1.223.LT.5141.default?lang=chinese&show_lang=chinese&token=dvB1_cHK41&tracker=default Server: nginx Content-Type: text/html; charset=UTF-8 Set-Cookie: cr_UID=78.158.11.226279ae8a46fd959c139800a07026bf51d; expires=Mon, 05-Sep-2016 09:41:32 GMT Set-Cookie: PHPSESSID=dmj56hruib524geu6vire3s4f3; path=/ Set-Cookie: SERVERID=cm-web-ext07; path=/ X-Powered-By: PHP/5.4.32 | clean |
http://asiafind.com/go/p301686.sub1.223.lt.5141.default?lang=chinese&show_lang=chinese&token=dvb1_chk41&tracker=default | 200 OK Content-Length: 47895 Content-Type: text/html | clean |
http://graphics2.asiafind.com/images/common/js/jquery/jquery-1.5.1.min.js | 200 OK Content-Length: 85260 Content-Type: application/x-javascript | clean |
http://fuckedhot.com/images/common/js/chinese_statedropdown_utf8.js | 404 Not Found Content-Length: 36382 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.bitchcrawler.com <div id="header"><!-- main navigation --> <div id="mainNavWrapper"> <!-- search --> <ul id="nav2"> <li class=""><a href="/" title="Hosted Videos" class="round1100r8 pngfix">Hosted Videos</a></li> <li class=""><a href="/hot-plugs/" title="Hot Plugs" class="round1100r8 pngfix">Hot Plugs</a></li> <li class=""><a href="/r ...[4582 bytes skipped]... | ||
http://fuckedhot.com/hosted/1124/daughter-and-boyfriend-fuck-her-drunk-mom | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 16 Sep 2014 09:41:37 GMT Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://fuckedhot.com/hosted/1124/daughter-and-boyfriend-fuck-her-drunk-mom/ Server: - Web acceleration by http://www.unixy.net/varnish Content-Length: 283 Content-Type: text/html; charset=iso-8859-1 X-Cache: MISS X-Cacheable: YES X-Pad: avoid browser bug X-Varnish: 1202293214 | clean |
http://fuckedhot.com/hosted/1124/daughter-and-boyfriend-fuck-her-drunk-mom/ | 200 OK Content-Length: 56272 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: zwei.in <div id="header"><!-- main navigation --> <div id="mainNavWrapper"> <!-- search --> <ul id="nav2"> <li class=""><a href="/" title="Hosted Videos" class="round1100r8 pngfix">Hosted Videos</a></li> <li class=""><a href="/hot-plugs/" title="Hot Plugs" class="round1100r8 pngfix">Hot Plugs</a></li> <li class=""><a h ...[4651 bytes skipped]... | ||
http://adspaces.ero-advertising.com/adspace/276540.js | 200 OK Content-Length: 1824 Content-Type: application/javascript | clean |
http://fuckedhot.com/hot-plugs/60020/perfect-teen-girlfriend-anal-sex-video | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 16 Sep 2014 09:41:39 GMT Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://fuckedhot.com/hot-plugs/60020/perfect-teen-girlfriend-anal-sex-video/ Server: - Web acceleration by http://www.unixy.net/varnish Content-Length: 284 Content-Type: text/html; charset=iso-8859-1 X-Cache: MISS X-Cacheable: YES X-Varnish: 1202293413 | clean |
http://fuckedhot.com/hot-plugs/60020/perfect-teen-girlfriend-anal-sex-video/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 16 Sep 2014 09:41:39 GMT Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: /out.php?url=http://www.amateurdumper.com/Amateur/43638/Athletic_sexy_babe_gagging_cock_and_anal_fucked.html Server: - Web acceleration by http://www.unixy.net/varnish Content-Length: 0 Content-Type: text/html Set-Cookie: fa_amateurdumper=60020; expires=Tue, 16-Sep-2014 21:41:39 GMT X-Cache: MISS X-Cacheable: YES X-Powered-By: PHP/5.3.28 X-Varnish: 1202293476 | clean |
http://fuckedhot.com/out.php?url=http://www.amateurdumper.com/amateur/43638/athletic_sexy_babe_gagging_cock_and_anal_fucked.html | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 16 Sep 2014 09:41:40 GMT Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://www.amateurdumper.com/amateur/43638/athletic_sexy_babe_gagging_cock_and_anal_fucked.html Server: - Web acceleration by http://www.unixy.net/varnish Content-Length: 0 Content-Type: text/html Set-Cookie: amateurdumper=http%3A%2F%2Fwww.amateurdumper.com%2Famateur%2F43638%2Fathletic_sexy_babe_gagging_cock_and_anal_fucked.html; expires=Tue, 16-Sep-2014 21:41:40 GMT X-Cache: MISS X-Cacheable: YES X-Powered-By: PHP/5.3.28 X-Varnish: 1202293545 | malicious |
http://www.amateurdumper.com/amateur/43638/athletic_sexy_babe_gagging_cock_and_anal_fucked.html | 200 OK Content-Length: 147731 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.cuckold69.com <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Homemade Sex :: Athletic sexy babe gagging cock and anal fucked</title> <link href="http://www.amateurdumper.com/thumbs/2014/08/5250922.jpg" rel="image_src" /><meta http-equiv="content-type" cont ...[4228 bytes skipped]... | ||
http://www.amateurdumper.com/webmasters/mootools.svn.js | 200 OK Content-Length: 190750 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var MooTools = { version: '1.11' }; function $defined(obj){ return (obj != undefined); }; function $type(obj){ if (!$defined(obj)) return false; if (obj.htmlElement) return 'element'; var type = typeof obj; if (type == 'object' && obj.nodeName){ switch(obj.nodeType){ case 1: return 'element'; case 3: return (/\S/).test(obj.nodeValue) ? 'textnode' : ' obj[i] = {}; var hide = (i != index) || (this.options.alwaysHide && (el.offsetHeight > 0)); this.fireEvent(hide ? 'onBackground' : 'onActive', [this.togglers[i], el]); for (var fx in this.effects) obj[i][fx] = hide ? 0 : el[this.effects[fx]]; }, this); return this.start(obj); }, showThisHideOpen: function(index){return this.display(index);} }); Fx.Accordion = Accordion; Antivirus reports:
| ||
http://www.amateurdumper.com/js/ppunder.js | 200 OK Content-Length: 5299 Content-Type: application/x-javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=fuckedhot.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://fuckedhot.com/
Result: fuckedhot.com is not infected or malware details are not published yet.